decrypting a .NET v2.0 authentication cookie in .NET v1.1

 have two web apps: App A is .NET v1.1 and App B is .NET v2.0 and is running in a virtual directory subfolder of App A. 

App B is being used to authenticate users. The plan is to share authentication across web apps accoridng to this article:

ms-help://MS.NETFramework.v20.en/dv_aspnetcon/html/99e2f9e8-5b97-4a4d-a4ed-5f93276053b7.htm

In App A i have put some code to decrypt the cookie set by App B in the  Application_AuthenticateRequest Method. When I go to decrypt the authentication ticket in App A, I get an error on decrypting the cookie -- the exception message is "Bad Data."

Is it possible that .NET v1.1 cannot decrypt a cookie which has been encrypted by .NET 2.0?

This is virtually the same probelm documented here:

http://www.tod1d.net/blog/2006/01/sharing-authentication-across-aspnet.html

My question is WHY can't .NET v1.1 decypt the cookie encrytped by .NET v2.0? Is there an alternate method?

0
nilsey
10/25/2006 3:51:22 PM
asp.net.security 27051 articles. 1 followers. Follow

1 Replies
854 Views

Similar Articles

[PageSpeed] 21

Check out this blog post from Scott Gunnerson:

http://weblogs.asp.net/scottgu/archive/2005/12/10/432851.aspx 


Darrell Norton, MVP
Darrell Norton's Blog


Please mark this post as answered if it helped you!
0
DarrellNorton
10/26/2006 1:45:14 AM
Reply:

Similar Artilces:

Differences between .net 1, .net 1.1, .net 2.0 and .net 3.0
Hi, This seems to be a common question, but i havent got an answer yet:(Can, any one please explain me the differences between these versions.If you keep your feet firmly on the ground, you'll have trouble putting on your pants! Have a look into this links http://en.wikipedia.org/wiki/.NET_Framework http://blogs.msdn.com/mohammadakif/archive/2006/12/03/net-3-0-different-versions-of-the-net-framework.aspx http://www.codeproject.com/aspnet/ComparisonASP1xASP20.aspAshok Rajawww.iGold.inDon't forget to click "Mark as Answer" on the post that helped you. This credits that m...

Differences between .net 1, .net 1.1, .net 2.0 and .net 3.0 #2
Hi, This seems to be a common question, but i havent got an answer yet:(Can, any one please explain me the differences between these versions.If you keep your feet firmly on the ground, you'll have trouble putting on your pants! There are too many differences for one email - - from 1.0 to 1.1 (not a whole lot of real change, other than fixes, at least compared to 1.1 to 2.0) With 2.0, there were many new declarative controls, with many new ideas added in With 3.0, it's a superset of 2.0 - instead of replacing the installation completely, it just 'added on' new functionality - I would...

Side by Side Execution of .net v1.1 and .net v2.0
Hi i am new bie to asp.net 2.0.Till date i have been developing projects using VS.Net 1.1 and now i hv decided to upgrade to new version 2.0.Now i want to run and develop my projects using any of the versions as desired.My question is that can i install vs 2.0 without updating the previous version and will i be able to develop and run my applications in any of the versions as desired.i have been known that we can run these versions side by side(i.e. one application can use 1.1 and other 2.0),but can we do side by side development as well(i.e. one application can use 1.1...

Side by Side Execution of .net v1.1 and .net v2.0 (continued)
Hi, Dave wrote a previous post that said: "If you are referring to web applications - each Virtual server must specify the framework to run under.  Both can run side-by-side.. but not under the same virtual server (application pool)" That looks fine, but I wonder: Is it just as easy as going to Administrative Tools --> IIS --> Select the virtual directory --> go to the property's ASP.NET tab and then selecting the ASP.NET version? Is there some important information that I need to know before going into this? Are there going to be ANY issues I should be aware of? T...

Where is the ADO.NET Sybase driver for .NET 1.1 and .Net 2.0?
Hi All Does anyone know where I can get the Sybase drivers for ADO.NET for both versions, 1.1 and 2.0/3.0? Cheers Chris Burrell Hi Chris, There is no release of ASE ADO.NET Provider 2.0 (I assume you refer to ASE provider, not ASA - if ASA please port to sybase.public.sqlanywhere.general). For the 1.1 Provider: It is available in the ASE SDK for windows or the PC Client CDRom included with ASE product. On the SDK its available as 12.5.1 and 15.0 On ASE PC Client I think 12.5.1 is part of ASE 12.5.X and 15.0 is part of ASE 15.X 2.0 provider should release som...

Problems while porting .Net framework 1.0 (VB.Net) application to .Net Framework 1.1
Hello,   I have a ASP.Net web application,written in VB.Net,developed on .Net Framework 1.0 .I am trying to port it on to .Net framework 1.1.   For achieving this,I follow the following steps-   1.Open the project using the .vbproj file. 2.I am prompted with the conversion message "Do you want to convert the solution and all projects to .Net framework  1.1....." 3.I click "Yes" 4.I assume that the project is now converted. 5.I build the project & try to run it. 6.I get the following error -     Server Error in '/Consert.Net' Application. ...

LDAP Authentication .Net 1.0 code to .Net 2.0
A few years ago with help of Dunry (I think he wrote most of the LDAP part) we came up with the below C# that works in our environment. We now need to migrate this to .Net 2.0.Does anyone have any examples of something simliar that works in .Net 2.0? Thanks in advance.private void btnSubmit_Click(object sender, System.EventArgs e)  {   if(Page.IsValid)   {    SearchDirectoryUsername(txtUsername.Text);   }  }  private void SearchDirectoryUsername(string username)  {   using ...

Sharing cookie between .NET 1.1 and .NET 2.0 web app
I have two servers A and B.  A hosts .NET 1.1 web apps, while B hosts .NET 2.0 web apps.  I have a common login page written in .NET 2.0 (thus it's on server B).  In order to share the cookie, I set the machine key attributes (validation and encryption) of all apps to the same keys, and set all .NET 2.0 web apps to use decryption="3DES".  But for some reasons, my .NET 1.1 still cannot read the cookie generated by the .NET 2.0 login page.  Anyone has similar problem before?  Am I missing anything? Thanks. WenWen I am afraid you can only share t...

having .net 1.1 and .net 2.0
Was just wondering if you someone could tell me the ramifications of the following:  I have .net 2.0 but did not uninstally .net 1.1, i have visual studio 2003, and visual web developer installed on the computer as well as sql server 2000.  my question is whether that is a problem having the two runtimes installed at the same time?  i did this because i wanted to use VWD but keep vs 2003 in case i needed to do any development for work....any comments are appreciated.  --jpIf my post is helpful please mark as answerRegards -- jp(http://www.rzrsolutions.com/rzrWeb20/...

.net 2.0 to .net 1.1
Hello , This is shrirang. Currently i am working .net2.0 web application. but the same application is runing on production in .net 1.1 freamwork . we are not using any new feature of 2.0 in our application . can i run build of 2.0 on 1.1 freamwork . if yes can you  please tell me necessary steps to achive it .     Thanks in advance for your kind help     Regards Shrirang i think it is not possible to run the 2.0 application in 1.1 , so try to change to the frame work in the production server . ThanksRaja Ragothaman Hi Shrirang, Please contact web adm...

Uninstall .NET v1.1 if .NET 2.0 installed?
Haven't received an answer to this (possibly very dumb) question from MS Update Support, so I'll try here. After PC crash, I reformatted drive and reinstalled everything, starting with Win2000Pro, then all updates, other programs, saved data, etc. I now keep getting a "critical update needed for .NET Framework v1.1" msg from MS' auto updater, even though installed programs show I have both v1.1 and v2.0. Can I uninstall v1.1? If not, I guess I then do need to install the "critical update"?Thanks!    You can uninstall 1.1 and if you don't y...

.NET 1.0 books and .NET 1.1 books. Does it matter ??
Hello, I want to buy a book that is good to learn asp.net. I have seen some good books on ASP.NET in the book store, but some of them are for .NET 1.0 and not the current 1.1. Does it make that big of a difference if the asp.net book is 1.0 and not 1.1 ???? Someone please help me as I have to do quite a bit of driving to go review and purchase a book. I need to leave in about an hour so if someone know the answer, please respond, asap. Sincerely, Amy Daynou Amy- The changes are small enough that you won't see much, if any difference. This doesn't apply as much if you're ...

best practices to migrate from .net 1.0 to .net 1.1
hi, i have windows xp pro running iis 5.1. i have an intranet site running under iis. i made this site using VS.NET 2002 under .NET framework 1.0.3705. Now i want to upgrade me .NET frame work to version 1.1. , but i still want to use VS.NET 2002 for programming and maintaining the site. How do i do this without the upgrade affecting my already deployed website. A step by step procedure to migrate from version 1.0.3705 to version 1.1 would be quite helpful. Thanks in advance, Raja. Well, at least take a look at this doc about running v1.0 and 1.1 side-by-side h...

best method to migrate from .net 1.0 to .net 1.1
hi, i have windows xp pro running iis 5.1. i have an intranet site running under iis. i made this site using VS.NET 2002 under .NET framework 1.0.3705. Now i want to upgrade me .NET frame work to version 1.1. , but i still want to use VS.NET 2002 for programming and maintaining the site. How do i do this without the upgrade affecting my already deployed website. A step by step procedure to migrate from version 1.0.3705 to version 1.1 would be quite helpful. Thanks in advance, Raja. Hi, There is an article on this, right on this site. Check this Hope it hel...

Web resources about - decrypting a .NET v2.0 authentication cookie in .NET v1.1 - asp.net.security

Authentication - Wikipedia, the free encyclopedia
Authentication (from Greek : αὐθεντικός authentikos , "real, genuine," from αὐθέντης authentes , "author") is the act of confirming the truth ...

New Tools to Optimize App Authentication
At f8, we announced a redesigned Auth Dialog and a new authentication flow to give developers more control over people’s first experience with ...

Facebook Tells Some Developers They Have 48 Hours to Fix Authentication Data Leaks
... sent an email to what it calls a “very small percentage of the developer community” informing them their apps are suspected of leaking authentication ...

Lockdown - A better two-factor authentication experience on the App Store on iTunes
Get Lockdown - A better two-factor authentication experience on the App Store. See screenshots and ratings, and read customer reviews.


Sony Authentication Power Outlet Recognizes Users and Devices #DigInfo - YouTube
Sony Authentication Power Outlet Recognizes Users and Devices DigInfo TV - http://diginfo.tv 9/3/2012 NFC & Smart WORLD 2012 Sony Authentication ...

SafeNet brings Cloud-based authentication service to A/NZ
SafeNet has released its new Cloud-based authentication service, billed as Authentication-as-a-Service, in A/NZ.

Two-factor authentication - cyber security -
Two recent hacking cases highlight how personal emails can impact overall business security through tiny weaknesses.

Digital authentication to become Google's next big focus
Streamlining the website login process a top priority, according to the company’s Australian business and consumer services manager Dan Metcalf. ...

ATO boosts service access via app and voice authentication
The ATO has announced it will extend its voice authentication system to its mobile app

Resources last updated: 12/8/2015 2:44:39 AM